General

  • Target

    60df4b2fb38fbf4225a15b143b9017b8c226136ad19ea12d91002b284f89cdad

  • Size

    4.2MB

  • Sample

    230810-exrkashg23

  • MD5

    e4448e2f5df5a13e04ce120a3e5707e4

  • SHA1

    906d2f49e761112d3c4946f0019b4e4a6e22c4f7

  • SHA256

    60df4b2fb38fbf4225a15b143b9017b8c226136ad19ea12d91002b284f89cdad

  • SHA512

    a2301da8b85c381844215e83d936d11a87b0cec35ae6df73482a1fe0925b88b1ea162a307032585b91a71e3a7220ff4fa28b3408760febbff660667c1921e5a1

  • SSDEEP

    98304:Q+HVb4W8QC49un+EI1VybU3pWW1Yvqr9O3t4fq98lRvIY:Q+HJ8l49O+b6F3+fm8lRAY

Targets

    • Target

      60df4b2fb38fbf4225a15b143b9017b8c226136ad19ea12d91002b284f89cdad

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

    • Chinese Botnet payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
